Netgate Discussion Forum

One static, 1 dynamic address ...

IPsec
2 Posts 1 Posters 245 Views
  • oldlock
    last edited by Apr 14, 2020, 7:19 AM

    This question has been asked many times, but I have yet to see a concise and clear answer to it. Here is the situation.

    In Australia, publicly routable IP addresses for LTE services are:

    1 - Hard to get
    2 - Expensive
    3 - Add a LOT to latency as all traffic that uses them is routed via 1 exchange in Sydney irrespective of where you are in the country.

    So, for my site-to-site IPsec VPN I have:

    Fixed IP for fibre connection into main office (SG3100 server lives here)
    10 LTE routers at remote sites, each with a dynamic, non-routable IP. So these clients need to be able to connect to the server. I'm 100% happy for the server to act as a responder only. I've done this before with Cisco ASA etc., so I know the LTE side is capable of it. I assume there must be a way for the pfSense to do the same thing?

    Anyone have any insights? Please note the condition - DYNDNS at the LTE client cannot be part of the solution.

    • oldlock
      last edited by Apr 15, 2020, 10:26 AM

      OK. For anyone's interest, this does work.

      1 - Turn off automatic firewall creation on the pfSense.
      2 - Set the WAN address in phase 1 to 0.0.0.0
      3 - In phase 1 advanced select responder only.
      4 - Create any/any firewall rule in IPsec rules.
      5 - Create UDP/500, UDP/4500 and ESP all rules.

      And we have success, thanks in no small part to some very patient support staff.

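The responder-only setup from the second post, sketched in the `swanctl.conf` syntax of strongSwan (the IKE daemon pfSense uses); this is an added example, not configuration from the post or output generated by pfSense. With the peer address left open, each site is matched only by its IKE identity and its own secret, so the sketch gives every site a separate ID and PSK. All names, addresses, subnets and secrets are constructed placeholders.

```conf
# Added illustration: hub that only responds, peers on dynamic addresses.
connections {
    site01 {
        version = 2
        local_addrs = 203.0.113.10        # constructed: fixed WAN IP at main office
        remote_addrs = %any               # peer address unknown (0.0.0.0 in the GUI)
        local {
            auth = psk
            id = hq.example.net           # constructed identity
        }
        remote {
            auth = psk
            id = site01.example.net       # unique per remote site
        }
        children {
            site01-lan {
                local_ts = 10.0.0.0/24    # constructed: office LAN
                remote_ts = 10.1.1.0/24   # constructed: site 01 LAN only
                start_action = none       # never initiate, respond only
            }
        }
    }
    site02 {
        version = 2
        local_addrs = 203.0.113.10
        remote_addrs = %any
        local {
            auth = psk
            id = hq.example.net
        }
        remote {
            auth = psk
            id = site02.example.net
        }
        children {
            site02-lan {
                local_ts = 10.0.0.0/24
                remote_ts = 10.1.2.0/24   # constructed: site 02 LAN only
                start_action = none
            }
        }
    }
}
secrets {
    ike-site01 { id = site01.example.net
                 secret = "PLACEHOLDER-site01-long-random-psk" }
    ike-site02 { id = site02.example.net
                 secret = "PLACEHOLDER-site02-long-random-psk" }
}
```

Keeping `remote_ts` limited to each site's own subnet restricts what a given identity can negotiate, which matters more when the firewall rule on the IPsec interface is any/any.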
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.